Lucene search

K
nvd[email protected]NVD:CVE-2006-2469
HistoryMay 19, 2006 - 10:02 a.m.

CVE-2006-2469

2006-05-1910:02:00
web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.8%

The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.

Affected configurations

NVD
Node
beaweblogic_serverMatch6.0sp6
OR
beaweblogic_serverMatch6.1
OR
beaweblogic_serverMatch6.1sp1
OR
beaweblogic_serverMatch6.1sp2
OR
beaweblogic_serverMatch6.1sp3
OR
beaweblogic_serverMatch6.1sp4
OR
beaweblogic_serverMatch6.1sp5
OR
beaweblogic_serverMatch7.0
OR
beaweblogic_serverMatch7.0sp1
OR
beaweblogic_serverMatch7.0sp2
OR
beaweblogic_serverMatch7.0sp3
OR
beaweblogic_serverMatch7.0sp4
OR
beaweblogic_serverMatch7.0sp5
OR
beaweblogic_serverMatch8.1
OR
beaweblogic_serverMatch8.1sp1
OR
beaweblogic_serverMatch8.1sp2
OR
beaweblogic_serverMatch8.1sp3
OR
beaweblogic_serverMatch8.1sp4
OR
beaweblogic_serverMatch9.0

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.8%

Related for NVD:CVE-2006-2469